Archive for the 'Events' Category

A serious security vulnerability (“The Heartbleed Bug”) was recently discovered within OpenSSL, the software that some servers use to generate CSRs for SSL Certificates (note, CSRs generated on Windows IIS were not affected by this bug). This vulnerability existed for more than two years before identified/isolated, and was fairly easy to exploit, allowing attackers to steal information that was, under normal circumstances, protected by the SSL/TLS encryption used to secure the exchange of data on the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM), and some virtual private networks (VPNs). The Heartbleed bug allowed anyone on the Internet to read the memory of the systems that are ‘protected’ by a vulnerable version of the OpenSSL software. Essentially this means that the attackers were/are able to view/capture communications across networks, steal data (user names, passwords, credit card information, etc.) and impersonate services and users. Although Safenames was not impacted, when we learned of this security bug, we immediately took a specific set of actions to address this vulnerability including installing new SSLs with CSRs that were generated on the updated OpenSSL software. If you are running your own systems with OpenSSL versions 1.0.1 through 1.0.1f, your system was/is vulnerable and we suggest that you upgrade as soon as possible.

What else can you do to protect yourself? If you have not already done so, it is highly recommended that you change your passwords for sensitive accounts (banks, email, facebook, etc.). Also, don’t hesitate to reach out to small businesses that may have your data to ensure that they are secure. Larger organizations most certainly know about Heartbleed, and have addressed this issue, but some small businesses may not—in situations like this it’s much better to be safe than sorry. Keep a close eye on financial statements for the next few weeks/months. Why? Because attackers often have access to a server’s memory for credit card information even after a vulnerability has been mitigated/addressed.

The GMO registry has recently announced that .Nagoya, one of three new GeoTLDs for Japan, will launch February 20th, 2014, followed by .tokyo, which is scheduled to launch in April, and .yokohama, which will launch later this year. Dot Nagoya represents the City of Nagoya, which is part of Japan’s third largest metropolitan region with a population of almost 9 million.

This launch is exciting, as these three new extensions are among the first ever GeoTLDs to launch as part of ICANN’s new gTLD Program. These new domain extension are meant to enable businesses, organizations, and individuals to establish an online naming presence by registering shorter, more relevant domains that represent their business within a specific local geographic community–much like how .EU, .ASIA, etc. (ccTLDs) are used to denote a country or region.